Staying Safe in the Wild West of Hotel WiFi

28th Feb 2017

Whilst I was lying on my sunbed last week enjoying some foreign February weather (it was lovely, thanks for asking) I couldn’t help but to notice the  many different people, of varying  ages, with different kinds of electronic devices and I started thinking about WiFi privacy (or lack of) on public WiFi.

For what was a considerably large, sprawling holiday resort, the WiFi  coverage was pretty universal and it was of a decent enough standard to support the many users requiring access -which makes a pleasant change from previous hotel WiFi experiences!

A lack of encryption

As is the case for many hotels these days, users were split into two sub-groups; those willing to pay for the pleasure, who were able to roam freely around the complex whilst enjoying uninterrupted service, and those who opted for the more cost-effective ‘free’ version, which was limited to WiFi hotspot coverage.

Although these two tiers offered different levels of service (primarily areas of WiFi coverage) depending on whether you pay or not, what they had in common was the lack of any encryption.

Encryption is often deemed a ‘faff’ when deploying public WiFi for hotels and guests alike. Firstly, encryption requires a key to be input by the user (unlikely) and secondly, the hotel would then have to provide support resources for the inevitable issues that would arise (more unlikely?).

Splash portal to the Wild West of WiFi

So, for ease-of-use, my hotel of choice deployed a splash portal redirection, through which you were prompted to confirm acceptance of their WiFi terms and conditions and…you're the Wild, Wild West of WiFi.

Without delving too deep, as that would have meant bringing some network analysis tools and I'm very sure my wife would not appreciate that (!), I could tell the network was configured as a large flat subnet, so all users were co-existing on the same IP range.

It is probably safe to assume that, for the majority of holiday-makers, connectivity with a minimum of hassle is the primary concern. After all, getting online to post pictures, tweet or DM isn’t usually prefaced by stringent security protocols.

It is also probably safe to assume that most of my fellow Wi-Fi-enabled patrons would share the view that other users are ‘benign’ and are, for the most-part, doing the same as them. However, putting my security hat on, I know this is not always true.

Next Generation Firewalls

I spend a lot of time deep within the logs of Next Generation Firewalls from the likes of Cisco and Palo Alto Networks and know from past experience that, whatever we assume the traffic flows are on a network, there is always some malware or user activity outside the norm.

Again, I didn't have the means to test my hotel WiFi security (or, the desire to deploy them from my sun-soaked lounger) but it is a sure-bet that the results would have made interesting reading. We do offer a Application Visibility and Risk (AVR) report for businesses looking for insight into the traffic flows on their network.

The point is a lack of Hotel WiFi Privacy

So, getting to the point (finally), WiFi privacy is what hotel Wi-Fi users probably imagine they are getting when the reality is somewhat different.

As network designers our roles are to combine the functionality and ease-of-use of a public WiFi with robust security built in at the network layer to protect the user. The security component is essential as we know, users won't generally protect themselves.

Hotels require simplified WiFi solutions

Such a platform that can create these security structures and provide the protection required in hotel and hospitality environments is the RGNets Gateway solution, which combines multiple functions into one box for such deployments, with any or some of the modules being used as required:

  • Firewall
  • Advertising Control
  • Bandwidth Throttling
  • Portal Splash Screens
  • Authentication and Payment Gateway Integration

Also, one other key feature which overcomes the Wild West of a large free-for-all WiFi network with no encryption; Dynamic Private VLANs. These private VLANs allow each user to be segmented away from others users and have security and control policies applied at their Layer 3 boundary thus protecting the user without them knowing they are being protected.

Stay tuned!

My next blog will go into further detail about the technical and commercial benefits of the RGNets Gateways, until then to discuss with us how this could help your hospitality or public WiFi deployment please contact us by calling 01929 556 553 for a chat with one of our technical team!

What Next?

If you are planning to deploy an enterprise-grade wireless network or are experiencing problems with a existing setup, please feel free to contact Ensign Communications for a chat with our technical team.